97648fc257
Only send an error reply if the request passes basic verification. Otherwise, kpasswdd would reply to every UDP packet, allowing an attacker to set up a ping-pong DoS attack via a spoofed UDP packet with a source address of another UDP service that also replies to every packet. Also suppress the error reply if ap_req_len is 0, since this indicates an error packet. An error packet may be the result of a ping-pong attacker pointing us at another kpasswdd. Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Heimdal is a Kerberos 5 implementation. For information how to install see <http://www.h5l.org/compile.html>. There are briefer man pages for most of the commands. Bug reports and bugs are appreciated, see more under Bug reports in the manual on how we prefer them: <heimdal-bugs@h5l.org>. For more information see the web-page at <http://www.h5l.org/> or the mailing lists: heimdal-announce@sics.se low-volume announcement heimdal-discuss@sics.se high-volume discussion send a mail to heimdal-announce-request@sics.se and heimdal-discuss-request@sics.se respectively to subscribe.